From c36310365481f26942ee2956c2c5da2bb50f6488 Mon Sep 17 00:00:00 2001
From: Jon Coppeard <jcoppeard@mozilla.com>
Date: Fri, 3 Jan 2014 10:30:51 +0000
Subject: [PATCH] Bug 952819 - Disallow starting pre barrier verification when
 post barrier verifier is already running r=terrence

---
 js/src/gc/Verifier.cpp                 | 9 +++++++++
 js/src/jit-test/tests/gc/bug-952819.js | 3 +++
 2 files changed, 12 insertions(+)
 create mode 100644 js/src/jit-test/tests/gc/bug-952819.js

diff --git a/js/src/gc/Verifier.cpp b/js/src/gc/Verifier.cpp
index 9ff1cf2505c1..2e383295d740 100644
--- a/js/src/gc/Verifier.cpp
+++ b/js/src/gc/Verifier.cpp
@@ -454,6 +454,15 @@ gc::StartVerifyPreBarriers(JSRuntime *rt)
     if (rt->gcVerifyPreData || rt->gcIncrementalState != NO_INCREMENTAL)
         return;
 
+    /*
+     * The post barrier verifier requires the storebuffer to be enabled, but the
+     * pre barrier verifier disables it as part of disabling GGC.  Don't allow
+     * starting the pre barrier verifier if the post barrier verifier is already
+     * running.
+     */
+    if (rt->gcVerifyPostData)
+        return;
+
     MinorGC(rt, JS::gcreason::EVICT_NURSERY);
 
     AutoPrepareForTracing prep(rt, WithAtoms);
diff --git a/js/src/jit-test/tests/gc/bug-952819.js b/js/src/jit-test/tests/gc/bug-952819.js
new file mode 100644
index 000000000000..3b118a2dc380
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-952819.js
@@ -0,0 +1,3 @@
+verifypostbarriers()
+verifyprebarriers()
+verifypostbarriers()